Updated on 2024-09-24 GMT+08:00

Overview

A bastion host enables centralized resource management, making it easier for you to manage entire lifecycle of managed resources and their accounts in a more secure way. You can easily switch over between resource management and maintenance through single sign-on (SSO) without affecting business running on resources.

  • Resource types

    You can use a bastion host to manage a wide range of resource types, including Windows and Linux servers, Windows applications, databases, such as MySQL and Oracle, and Kubernetes servers. A host may map to multiple host resources. This means if you configure different protocols for the same host, the host resources are counted based on the protocols you configure for this host. This is similar to application resources. The following lists supported resource types:

    • Host resources of the client-server architecture, including hosts configured with the Secure Shell (SSH), Remote Desktop Protocol (RDP), Virtual Network Computing (VNC), Telnet, File Transfer Protocol (FTP), SSH File Transfer Protocol (SFTP), DB2, MySQL, SQL Server, Oracle, Secure Copy Protocol (SCP), or Rlogin protocol.
    • Application resources of the browser-server architecture or the client-server architecture, including more than 12 types of browser- and client-side Windows applications, such as Microsoft Edge, Google Chrome, and Oracle tools.
  • Resource management
    • Batch importing

      A bastion host supports auto-discovery, synchronization, and bulk importing of cloud resources, such as Elastic Cloud Server (ECS) and Relational Database Server (RDS) instances for centralized operation.

    • Account group management

      A bastion host manages resource accounts by group, enabling you to grant permissions to multiple resource accounts quickly by adding resource accounts of the same attribute to an account group and granting permissions to the account group.

    • Batch management

      You can manage information and accounts of managed resources in batches, including modifying and deleting resource information, adding resource labels, verifying managed resource accounts, and deleting managed resource accounts.